Risk Management – You Can’t Just Look At Your “Strategic” Suppliers

Last week, I spent some time with Costas Xyloyiannis, the self-confessed computer geek and founder of HICX, the software-as-a-service firm who specialise in supplier information / master data management. We’ll have much more coming soon on that interview, but one point he made resonated as I made it myself during a webinar a few months back.

It relates to the way we segment suppliers. Traditionally, we might look at what we could define as tactical or transactional suppliers at that bottom of the pyramid, then routine / operational, then perhaps a dozen or two “strategic” or "collabrative"suppliers, and right at the top, a handful of true “partners”, firms who are strongly entwined with our organisation at the most important level.

For many of the activities and issues we need to execute with suppliers, that gave us a pretty good guide to how much time and effort is needed for each supplier. If you were considering basic factual suppleir data, performance management, where to put collaboration effort, or which firms you should look for CSR input and partnership, then the top of the pyramid is the place.

However, as Costas pointed out, when we get into issues around risk issues and the regulation, compliance and governance related to that, the pyramid is almost irrelevant. There might be a supplier that is pretty tactical, but could bring big problems in areas such as conflict minerals, sanctions, GDPR or modern slavery. Our friends at riskmethods might take the discussion even further actually and suggest we need to look at “multi-tier supply chains” as well, not just our immediate suppliers.

So this is forcing organisations into new approaches to risk management in particular. HICX comes at it very much from the point of view of getting your supplier master data into shape; as we say, more on that to come. riskmethods provides a platform to address the whole range of supply chain risks, with smart risk management tools and an alert process. Leading suite vendors – such as Ivalua, SAPAriba, Jaggaer, and Coupa – are building risk tools into their platforms.

And it is worth saying that these approaches are not mutually exclusive – we can see good reasons why an organisation might make use of all three options in parallel and indeed working in conjunction to greater benefit.

So this is all in response to the way in which the risk landscape is becoming trickier for buying organisations, in a number of ways. One of those challenges is certainly this point about the pyramid – there are simply more and more of our providers, even apparently “tactical” suppliers, that we have to look at carefully as potential sources of risk - risk that could cause serious consequences for us as buyers.